
Understanding and Troubleshooting Cisco Catalyst 9800 Series Wireless Controllers [Paperback]

  • Format: Paperback / softback, 656 pages, height x width x thickness: 233x187x34 mm, weight: 1090 g
  • Publication date: 09-Aug-2022
  • Publisher: Cisco Press
  • ISBN-10: 0137492324
  • ISBN-13: 9780137492329
The definitive professional’s guide to the Cisco next-gen 9800 wireless controllers


As wireless networks, applications, and services rapidly evolve, they grow increasingly business critical, with steeper requirements for performance, latency, deployment density, and device support. The advanced Catalyst 9800 wireless controllers from Cisco meet these challenges, delivering exceptional adaptability, security, performance, scalability, and programmability. Based on the modern and secure Cisco IOS XE operating system, their support for Cisco intent-based networking will help you continually leverage new innovation. Now, four Cisco experts offer end-to-end guidance, practical tips, and proven recommendations for designing, deploying, and managing wireless networks with the Catalyst 9800.


For technical decision makers, this guide delivers a deep understanding of Catalyst 9800 hardware and software, tightly linked to business value. Architects will find essential details for both upfront network design and feature implementation. Network operators and other IT professionals will discover tested tools and methods for reliable and efficient setup, configuration, monitoring, and troubleshooting. Whatever your role, this guide will help you maximize the value of any Catalyst 9800 network, and serve as your indispensable reference for years to come.


  • Understand Catalyst 9800 benefits, capabilities, roles, and architecture
  • Learn the new C9800 Configuration Model, with key design considerations and best practices
  • Deploy and configure the C9800 in private and public clouds
  • Systematically secure the C9800: from AAA and ACLs to rogue detection and wireless intrusion prevention (WIPS)
  • Establish and optimize seamless client roaming in enterprise environments
  • Learn how the C9800 implements key RF concepts
  • Plan and implement an end-to-end architecture for QoS, and design/deploy for high availability and network services like multicast
  • Discover value-added wireless services available through Cisco DNA Spaces
  • Drive agility and value via network programmability with YANG, Python, RESTCONF, and NETCONF
  • Make the most out of the rich data models of Model-Driven Telemetry and Programmability using open-source tools
  • Walk through wireless network troubleshooting, backup/restore, and upgrades
Introduction
Chapter 1 Cisco C9800 Series
Why Cisco C9800?
Intent-Based Networking (IBN)
Flexible Software
Flexible Hardware
The Role of the Wireless Controller in a Cloud Era
Managing the Cisco C9800
Traditional Management Tools
"On Box" Management
Cisco Prime Infrastructure
Cisco DNA Center
C9800 Prerequisites for Cisco DNA Center
CI/CD Tools
Licensing
Cisco Next-Generation Wireless Stack
Summary
References
Chapter 2 Hardware and Software Architecture of the C9800
General CAPWAP Split MAC Architecture
The Controller Control Plane Architecture Elasticity
IOS-XE Software Architecture
WNCd: The Heart of the Wireless Controller Control Plane
Other Wireless Processes
Wireless Client State Machine
One Dataplane to Rule Them All (or Three at the Maximum)
Hardware Overview
C9800-40 and C9800-80
C9800-L
C9800-CL
Summary
Chapter 3 C9800 Configuration Model
C9800 New Configuration Model
What Does My AireOS AP Group Migrate To?
What About FlexConnect?
Cisco C9800 Series Profile and Tag Considerations
Assigning Tags
Moving APs Between Wireless Controllers and Preserving Tags
Roaming Between Policy Tags
Designing with Site Tags in Mind (Local Mode APs)
Designing with Site Tags in Mind (FlexConnect Mode APs)
Summary
References
Chapter 4 C9800 Deployment and Installation
C9800 Deployment Models
C9800 for Private Cloud
C9800 Physical Appliance
C9800 Virtual Appliance
Embedded Wireless Controller on Catalyst AP and Switch
C9800 for Public Cloud
Setting Up Your First Catalyst Wireless Network
C9800 Initial Setup
Access Point Join
Configuring WLAN and Connecting a Client
Summary
References
Chapter 5 Security
Network Security Fundamentals
Access Control Lists (ACLs)
Defining ACLs
Applying ACLs
Applying Wireless ACLs on the WLC
Flex Connect ACLs on the AP
The Case of Downloadable ACLs (DACLs)
URL Filters (a.k.a. DNS-Based ACLs)
Certificates and Trustpoints
A Case for Trustpoints
How to Add a Certificate on the Controller
AAA
RADIUS
RADIUS Attributes
RADIUS Sequence Example
RADIUS Change of Authorization (CoA)
RADIUS Configuration and Load Balancing
Configuring RADIUS Servers
Configuring RADIUS Server Groups
RADIUS Server Fallback
RADIUS Load Balancing
RADIUS Accounting
AAA Methods
Local EAP
TACACS+
LDAP
Wireless Security Fundamentals
Wired Equivalent Privacy (WEP)
Wi-Fi Protected Access (WPA)
802.1X for WPA Enterprise
802.1X Components
EAP
EAP Methods
WPA3 Enterprise
Preshared Key for WPA Personal
WPA3 SAE
MPSK
Identity PSK (iPSK)
MAC Filtering
Enhanced Open
Securing the Air
WPA2 Personal
WPA3 SAE
WPA2 with iPSK
Enhanced Open
(Local) Web Authentication
Central Web Authentication
Web Authentication Best Practices
HTTPS Redirection
Captive Portal Bypass
Web Authentication Takeaways
Rogue Detection and WIPS
Securing Your Access Points
AP Authorization
AP 802.1X Authentication
Securing the AP Join Process Using Locally Significant Certificates
Securing Your Wireless Controller
Securing Administrator Access
Using TACACS+
Using RADIUS
Guest Users
The Lobby Ambassador Type of User
Netconf
Granularity of WebUI Access
Connect to the WebUI Using Certificates
Securing Traffic
Encrypted Traffic Analytics
Cisco Umbrella
Cisco Secure Development Lifecycle (CSDL)
Summary
References
Chapter 6 Mobility and Client Roaming
802.11 Roaming
Full-Auth Roaming (or Slow Roam)
Fast Secure Roaming
PMKID Caching (Sticky Key Caching)
OKC
CCKM
Fast Transition (802.11r)
Roaming Optimizations
802.11k
802.11v BSS Transition
Types of Client Roaming
Intra-Controller Roaming
Intra-WNCd Roaming (Same Site Tag, Same Policy Profile)
Inter-WNCd Roam (Different Site Tags, Same Policy Profile)
Intra-WLC Roam (Same Site Tag, Different Policy Profile)
Inter-Controller Roaming
Layer 2 Roaming
Layer 3 Roaming
Static IP Client Mobility
Auto-Anchor Mobility (Guest Tunnel)
Configuring Secure Mobility Tunneling on a C9800
C9800 to AireOS Inter-Release Controller Mobility (IRCM)
Summary
References
Chapter 7 RF Deployment and Guidelines
Radio Resources Management (RRM) Concepts and Components
Antennas and Signal Propagation
Countries and Domains
Challenging RF Environments
Metal-Heavy Areas
High-Density Crowd Areas
Shielded Doors and Sudden Turns
Uneven Ceilings
Atriums
Radio Resources Management (RRM)
Data Collection
RF Grouping
RF Grouping Modes
TPC
TPC Overview
TPC Minimum and Maximum
Coverage Hole Detection
DCA
Overlapping Basic Service Set (BSS)
Cloud-Based RRM
RF Profiles
Spectrum Intelligence and CleanAir
Configuring CleanAir
Monitoring the Spectrum Live
Interferer Location Tracking
Monitoring the RF Space
Advanced RF Features
Band Select
Aggressive Client Load Balancing
Off-Channel Scanning Defer
Airtime Fairness (ATF)
Wi-Fi 6 Features
OFDMA
Multi User-Multiple Input Multiple Output (MU-MIMO)
Target Wake Time (TWT)
BSS Coloring
Channel Width
Dynamic Frequency Selection (DFS)
DFS Overview
DFS in the C9800
Flexible Radio Assignment (FRA)
Tri-radio
Wireless Intrusion Prevention System (WIPS) and Rogue Detection
Rogue AP Detection and Classification
Detecting a Rogue Access Point
Classifying Rogue Access Points
Understanding the Danger of a Rogue Access Point
Containing Rogue Access Points
Adaptive WIPS
Client Exclusion
Summary
References
Chapter 8 Multicast and Multicast Domain Name System (mDNS)
Wireless Multicast
Multicast Packet Flow in Wireless
Multicast in a Centralized Wireless Deployment
Multicast in Flex
Multicast in Fabric
How to Configure Multicast on the C9800
IGMP and MLD on the C9800
CAPWAP Multicast
Multicast over Unicast (MoU)
Multicast over Multicast (MoM)
802.11 Multicast
Wireless Broadcast and Non-IP Multicast
Multicast in Client Roaming Scenarios
Media Stream Feature
Cell Planning
Components of VideoStream
How to Configure Media Stream
MDNS
MDNS Bridging
MDNS Gateway
How to Configure mDNS Gateway
MDNS Gateway on WLAN
MDNS Service Policy on Policy Profile
MDNS Service Policy
MDNS Service Policy on VLAN SVI
MDNS Service Policy via AAA Override
MDNS-the AP
MDNS Gateway in FlexConnect Deployment
MDNS Gateway with Guest Anchor
Summary
References
Chapter 9 Quality of Service (QoS)
Wi-Fi Quality of Service (QoS)
Wi-Fi (802.11) QoS Fundamentals
QoS Design
UP and DSCP Mapping
DSCP to UP Mapping
Wireless Call Admission Control (CAC)
Implementing Wireless QoS on the C9800
QoS Policy Targets
Modular QoS CLI
Trust DSCP Model
Designing and Deploying Catalyst C9800 QoS
QoS Deployment Workflow
Auto QoS
QoS Profiles (a.k.a. Metal QoS Profiles)
Application Visibility and Control (AVC)
Deployment Verification and Restrictions
Fastlane+ (Plus)
Best Practices
Summary
References
Chapter 10 C9800 High Availability
SSO Redundancy
Prerequisites
Ports and Interfaces
Redundancy Management Interface (RMI)
Redundancy Port (RP)
Uplink Ports
Console Port
Out-of-Band Management/Service Port (SP)
RP+RMI Supported Topologies
Building an RP+RMI HA Pair
Configuration
Active-Standby Election Process
HA Sync
HA Formation in Action
SSO Switchover
System and Network Error Handling
Monitoring HA
Monitoring an HA Pair via the CLI
Monitoring an HA Pair via the GUI
Monitoring an HA Pair via SNMP
Monitoring an HA Pair via Programmatic Interfaces
RP Only to RP+RMI HA Migration
HA Teardown
SSO Deployment: Impact on Features
Mobility (Mobility MAC)
Link Aggregation Group (LAG)
Multi-Chassis LAG
N+1 Redundancy
N+1 HA Configuration
Configuration on the AP Join Profile
CAPWAP Timers
Preserving AP-to-Tag Mapping across N+1 Failovers
Licensing with N+1
N+1 vs. SSO High Availability
HA in EWC-AP Deployment
HA in EWC-SW Deployment
Summary
References
Chapter 11 Cisco DNA Spaces Integration and IoT
Value-Added Wireless Services
Location Tracking
Accuracy
Location Update Frequency
Presence
The Impact of Privacy MAC Addresses
Location Deployment Guidelines
Other Technologies
Analytics
Guest Services
Bluetooth and IoT
BLE
IoT
Bluetooth Location Tracking
Connected Mobile Experiences (CMX)
Cisco DNA Spaces
Deployment Modes
Direct Connection
Cisco DNA Spaces Connector
CMX Tethering
Specific Service Examples
OpenRoaming
What Problem Is OpenRoaming Trying to Solve?
OpenRoaming Architecture
OpenRoaming Configuration
Captive Portal
Advantages of a Portal on Cisco DNA Spaces
Proximity
BLE Gateway on Cisco DNA Spaces
Summary
References
Chapter 12 Network Programmability
What Is Network Programmability?
Why Is Network Programmability Needed?
Is Network Programmability a New Concept?
Orchestration of the Entire Network
Configuration Repeatability
Idempotency
Imperative vs. Declarative Models
Infrastructure as Code (IaC)
Network Programmability in the C9800
Data Models
YANG Data Models
Encoding Formats
XML
JSON
Protobuf
Protocols
NETCONF
NETCONF Capabilities
NETCONF Layers
RESTCONF
HTTP Methods
HTTP Return Codes
GNMI/gRPC
Tools to Examine YANG Models
Pyang
Using pyang in a Docker Container
YANG Suite
How to Examine Data Using NETCONF and YANG Suite
How to Examine Data Using RESTCONF and POSTMAN
Enabling RESTCONF
RESTCONF URIs
Root
Resource
Data Model
Searching Data
Updating the Configuration
Python and Network Programmability
Assigning Tags to APs Based on Serial Number
Program Structure
Summary
References
Chapter 13 Model-Driven Telemetry
What Is Model-Driven Telemetry?
How to Enable Model-Driven Telemetry
Netconf
Restconf
GNMI
Operational Data and KPIs
Polling vs. Subscribing
Telemetry Streams
Yang-notif-native Stream
Yang-push Stream
How to Identify Subtrees in YANG Models
Dial-out vs. Dial-in
Dial-out
Dial-in
Creating Dial-in Subscriptions
Tools
YANG Suite
TIG (Telegraf, Influx, Grafana)
Creating a Dashboard
Summary
References
Chapter 14 Cisco DNA Center/Assurance Integration
Introduction
Cisco DNA Center Assurance Architecture
Managing the C9800 with Cisco DNA Center
Client 360
AP360
Network Services Analytics
Device Analytics
Apple Analytics
Samsung Analytics
Intel Analytics
Intelligent Capture
Cisco Active Sensor
Sensor Provisioning and Onboarding
Test Suites
Troubleshooting the Assurance Application
Summary
References
Chapter 15 Backing Up, Restoring, and Upgrading Your C9800
Saving and Restoring the Configuration for Disaster Recovery
Saving the Configuration Changes
Backing Up the Configuration and Restoring It
Backing Up Everything for Restoring on Another Controller
The Advantage of Backing Up Using the WebUI
The Case of Configuration Encryption
Backing Up Using Cisco Prime Infrastructure
Backing Up Using Cisco DNA Center
Running IOS-XE in Install or Bundle Mode
Bundle Mode
Install Mode
Upgrading (and Downgrading) the Controller Safely
Standard Upgrade
AP Predownload
Efficient Upgrade
Rolling AP Upgrade (for N+1)
In-Service Software Upgrade (ISSU)
Summary
References
Chapter 16 Troubleshooting
Control Plane Tracing
Syslog
Binary Tracing
Always-On Tracing
Per-Process Debugging
Radioactive Tracing
Embedded Packet Capture (EPC)
Packet Tracer
Troubleshooting Dashboard
Core Dump and System Report
Debug Bundle
Ping and Trace Route
Other On-the-Box Tools on the C9800 GUI
AireOS Config Translator
Command-Line Interface
File Manager
Walk-Me Integrated with the C9800 GUI
Configuration Validator
Offline Tools for the C9800
Wireless Configuration Convertor
Wireless Config Analyzer
Wireless Debug Analyzer
Log Advisor
Health and KPI Monitoring
Dashboard
Hardware Monitoring
Smart Licensing
Direct Connect
On-Premises SSM or CSLU
Airgap
AP Health Monitoring
Client Health Monitoring
CPU Monitoring
Memory Monitoring
Data Plane Monitoring
Summary
References
Appendix A Setting Up a Development Environment
Index

Simone Arena is a principal technical marketing engineer (TME) within the Cisco Enterprise Networking & Cloud group and is primarily focused on enterprise network architecture and on all things related to wireless and mobility. Simone is based in Italy and is a Cisco veteran, having joined Cisco in 1999. Throughout the years, Simone has covered multiple roles at Cisco, starting as a software engineer working with Catalyst switching platforms, to consulting system engineer in the field, to TME within different teams (Enterprise Solution Engineering, Wireless Business Unit, Enterprise Networking and Cloud, and now Networking Experiences Group). Today Simone is the lead TME architect for Catalyst Wireless, and his time is split between helping customers and partners design the best solution that fits their needs and engineering and product management, trying to evolve and improve the products and solutions. Simone is a Distinguished Speaker at Cisco Live and has spoken at Cisco Live events all over the world for several years. Besides wireless and networking, Simone has two passions: his family, with his two daughters Viola and Anita; and Fiorentina, the best soccer team in the world...no question. In his spare time, Simone enjoys listening to music, especially through his new tube amplifier (simply awesome!).

Francisco Sedano Crippa, CCIE No. 14859, joined Cisco in 2006. After some years at TAC supporting voice solutions and as a system engineer working with service providers, he moved to the development side, where he worked on routing, datacenter and, during the past 10 years, as a technical leader on the Wireless Controller development team, focused on serviceability, location services, programmability, and cloud. He's a Cisco Live speaker and is passionate about DevOps and automation, and he is now working on architecting next-generation cloud-based lab services. When not working, he spends his time building a full-size Boeing 737 simulator in his basement and enjoying his other passion: his daughter, Scarlett, and son, Marco, and his wife, Isabel.

Nicolas Darchis, CCIE Wireless No. 25344, joined the Wireless and AAA Cisco TAC team in Belgium in 2007, where his main focus was troubleshooting wireless networks, wireless management tools, and security products. Since 2016, Nicolas has been working as a technical leader for wireless at the same technical assistance center in Brussels; he has shifted a big part of his focus to improving product serviceability of new and upcoming products, as well as new software releases. He is also a major contributor to online documentation of Cisco wireless products and has participated in many of the wireless Ask the Expert sessions run by the Cisco support community. Nicolas has been a CCIE Wireless No. 25344 since 2009 and, more recently, he has achieved CWNE No. 208.

Sudha Katgeri, CCIE No. 45857, is a technical leader in services for Enterprise Wireless and has been with Cisco since 2006. Besides supporting customer escalations, Sudha collaborates with Customer Experience (CX), Enterprise Networking (ENB) Escalation, Engineering, and Product Management to improve product quality and serviceability in the next-generation Catalyst wireless stack. Sudha has a CCIE in Wireless (#45857) and is an author and contributor to Wireless TAC Innovation Tools like Wireless Config Converter, CLI Analyzer, and several documents on cisco.com.